X-Ways Forensics: Integrated Computer Forensics Software

X-Ways Forensics is an advanced work environment for computer forensic
examiners and our flagship product. It runs under
Windows XP/2003/Vista/2008/7/8/8.1/2012/10*, 32 Bit/64 Bit,
standard/PE/FE. (Windows FE is described here, here and here.)
Compared to its competitors, X-Ways Forensics is more efficient to use
after a while, far less resource-hungry, often runs much faster, finds
deleted files and search hits that the competitors will miss, offers
many features that the others lack, as a German product is potentially
more trustworthy, comes at a fraction of the cost, does not have any
ridiculous hardware requirements, does not depend on setting up a
complex database, etc.! X-Ways Forensics is fully portable and, if you
want, runs off a USB stick on any given Windows system without
installation. It downloads and installs within seconds (just a few MB
in size, not GB). X-Ways Forensics is based on the WinHex hex and disk
editor and is part of an efficient workflow model where computer
forensic examiners share data and collaborate with investigators that
use X-Ways Investigator.

Evaluation version not publicly available, only on
request to law enforcement, government agencies and certain
corporations. Please provide us with your full official address and
contact details.
Eval. version of WinHex.

Ability to copy relevant files to
evidence
file containers, where they retain almost all their original
file system metadata, as a means to selectively acquire data in
the first place or to exchange selected files with
investigators, prosecution, lawyers, etc.

Complete case management.

Ability to tag files and add notable files to the case
report. Ability to enter comments about files for inclusion in
the report or for filtering.

Support for multiple examiners in cases, where X-Ways
Forensics distinguishes between different users based on their
Windows accounts. Users may work with the same case at different
times or at the same time and keep their results (search hits,
comments, report table associations, tagmarks, viewed files,
excluded files, attached files) separate, or share them if
desired.

Case reports can be imported and further processed by any
other application that understands HTML, such as MS Word

Event timestamps can be sorted chronologically to get a
timeline of events. They are represented graphically in a
calendar to easily see hotspots of activity or periods of
inactivity or to quickly filter for certain time periods with 2
mouse clicks.

Extremely extensive and precise file type verification based
on signatures and specialized algorithms

Ability to copy files off an image or a drive including
their full path, including or excluding file slack, or file
slack separately or only slack

Automatic identification of encrypted MS Office and PDF
documents

Can extract almost any kind of embedded files (including
pictures) from any other kind of files, thumbnails from JPEGs
and thumbcaches, .lnk shortcuts from jump lists, various data
from Windows.edb, browser caches, PLists, tables from SQLite
databases, miscellaneous elements from OLE2 and PDF documents,
...

Detection of black & white or gray-scale pictures, which
could be scanned-in documents or digitally stored faxes

Detection of PDF documents that should be OCR'ed

Ability to extract still pictures from video files in
user-defined intervals, using
MPlayer or
Forensic Framer,
to drastically reduce the amount of data when having to check
for inappropriate or illegal content

Lists the contents of archives directly in the directory
browser, even in a recursive view

Powerful search hit listings with context preview, e.g.
“all search hits for the search terms A, B, and D in .doc and
.ppt files below \Documents and Settings with last access date
in 2004 that do not contain search term C”

Option to sort search hits by their data and context instead
of just by the search terms to which they belong. Ability to
filter search hits by the textual context around them using an
additional keyword.

X-Tensions API
(programming interface) to add your own functionality or
automate existing functionality with very high performance (for
example the popular C4All as an X-Tension runs about 6 times
faster than as an EnScript), and does not require you to learn a
proprietary programming language

No complicated database to set up and connect to, with the
risk of never being able to open your case again like in
competing software

Interface for PhotoDNA (only for law enforcement), which can
recognize known pictures (even if stored in a different format
or altered) and can return the classification (“CP”, “relevant”,
“irrelevant”) to X-Ways Forensics

...

This feature overview is incomplete. It is
impossible to list all the features and options. The above list is
notoriously incomplete, last updated on May 23, 2015.
X-Ways Forensics is protected with a local dongle or network dongle
or via BYOD. A reduced and simplified user interface is available for
investigators that are not forensic computing specialists, at half the
price: X-Ways Investigator